Sign up to save your podcasts
Or
Share How Uber Caught 206 Leaked Credentials With an LLM-Powered Security Stack
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
How Uber Caught 206 Leaked Credentials With an LLM-Powered Security Stack
How Uber Caught 206 Leaked Credentials With an LLM-Powered Security Stack
Source: ADR: An Agentic Detection System for Enterprise Agentic AI Security
Paper was published on May 17, 2026
This episode was AI-generated on May 19, 2026. The script was written by an AI language model and the host voices were synthesized by Eleven Labs. The producer is not affiliated with Anthropic or Eleven Labs.
When a developer's AI assistant reads a poisoned Jira ticket and quietly exfiltrates SSH keys, traditional endpoint security sees nothing wrong. A new paper from Uber describes the first real production deployment of LLM-based security monitoring for AI agents — running across 7,200 hosts for ten months — and the architecture it lands on may become the template for how enterprises defend against agentic threats.
Key Takeaways
A walkthrough of how a poisoned Jira ticket can hijack an AI coding assistant, and why traditional endpoint detection cannot see the attack at all.
How the Model Context Protocol turned AI assistants into something that can touch thousands of real enterprise systems, and why that reshapes the defender's problem.
How the paper mirrors a human Security Operations Center with a Sensor, Tier 1 triage, Tier 2 investigation, and an offline Explorer.
The design decision to parse local agent session logs instead of intercepting traffic at a gateway, and what that buys in forensic visibility.
How the senior investigator agent pulls context on demand — including the actual implementation of tools — and why that one capability drives most of the detection quality.
How an evolutionary red-teaming loop generates, mutates, and scores synthetic attacks offline to inoculate the production detector against attacks it has never seen.
How detection data led to a simple regex-based prevention layer that blocked 206 credentials from leaving the company with only 6 false positives.
Where ADR beats baselines two-to-four-fold, and where the 67% recall, 49% production false positive rate, self-built benchmark, and missing Explorer ablation deserve scrutiny.
Why AI security is fundamentally a semantic problem, and why 'trusted insiders being talked into things' is a threat model that didn't operationally exist two years ago.
Recommended Reading
View all episodes
By paperdive.aiHow Uber Caught 206 Leaked Credentials With an LLM-Powered Security Stack
Source: ADR: An Agentic Detection System for Enterprise Agentic AI Security
Paper was published on May 17, 2026
This episode was AI-generated on May 19, 2026. The script was written by an AI language model and the host voices were synthesized by Eleven Labs. The producer is not affiliated with Anthropic or Eleven Labs.
When a developer's AI assistant reads a poisoned Jira ticket and quietly exfiltrates SSH keys, traditional endpoint security sees nothing wrong. A new paper from Uber describes the first real production deployment of LLM-based security monitoring for AI agents — running across 7,200 hosts for ten months — and the architecture it lands on may become the template for how enterprises defend against agentic threats.
Key Takeaways
A walkthrough of how a poisoned Jira ticket can hijack an AI coding assistant, and why traditional endpoint detection cannot see the attack at all.
How the Model Context Protocol turned AI assistants into something that can touch thousands of real enterprise systems, and why that reshapes the defender's problem.
How the paper mirrors a human Security Operations Center with a Sensor, Tier 1 triage, Tier 2 investigation, and an offline Explorer.
The design decision to parse local agent session logs instead of intercepting traffic at a gateway, and what that buys in forensic visibility.
How the senior investigator agent pulls context on demand — including the actual implementation of tools — and why that one capability drives most of the detection quality.
How an evolutionary red-teaming loop generates, mutates, and scores synthetic attacks offline to inoculate the production detector against attacks it has never seen.
How detection data led to a simple regex-based prevention layer that blocked 206 credentials from leaving the company with only 6 false positives.
Where ADR beats baselines two-to-four-fold, and where the 67% recall, 49% production false positive rate, self-built benchmark, and missing Explorer ablation deserve scrutiny.
Why AI security is fundamentally a semantic problem, and why 'trusted insiders being talked into things' is a threat model that didn't operationally exist two years ago.
Recommended Reading